1. Debian Exim4 User FAQ
This is work in progress, so it is probably not yet very helpful.
1.1. Questions not categorized yet
1.1.1. How do I re-execute the debconf-driven configuration?
- dpkg-reconfigure exim4-config
- $EDITOR /etc/exim4/update-exim4.conf.conf
- Further reading: man update-exim4.conf
1.1.2. When I try to deliver a message via SMTP to my Exim, I get "550 relay not permitted"
Answer not yet fleshed out.
- dc_relay_nets
- If client host is on dynamic IP, SMTP AUTH
- ISP blocking tcp/25
1.1.3. My exim cannot connect to the outside
Answer not yet fleshed out.
It might be possible that your ISP blocks outgoing connections to port TCP/25 of external hosts. This prevents computers on the ISP network from directly sending out e-mail. Many ISPs do this as a security precaution because compromised computers (called "Zombies") are frequently used to send out Spam.
Possible solutions:
- Use ISP Smarthost
- Use tcp/587 to deliver to an external smarthost
1.1.4. My exim cannot be connected to from the outside
Answer not yet fleshed out.
It might be possible that your ISP blocks incoming connections to port TCP/25 of their customers' machines. This prevents computers on the ISP network from directly receiving e-mail. Many ISPs do this as a security precaution because misconfigured SMTP servers can be an open relay and thus be abused to send out Spam.
If you want to run an MX server on such a connection, you're out of luck. It is not possible to use a different port for MX servers since the Internet Standards don't offer the possibility to tell delivering hosts to try delivery on a different port.
If you want to run a smarthost on such a connection, it might be a solution to configure exim to listen on port TCP/587 additionally. Please note that the Internet standards demand that you only accept e-mail after authentication if the connection is made to TCP/587. Otherwise, you might open yourself to receiving and sending Spam.
1.1.5. How do I configure exim to use a different port to receive mail
1.1.6. How do I configure exim to use a different port to send mail
1.1.7. I am trying to have exim forward mail to some internal hosts, but all I am getting is "all relevant MX records point to non-existent hosts"
A probable cause for this might be that all MX records for the offending domain point to site local or link local IP addresses, which are ignored by the dnslookup router to protect from misconfigured external domains. The default configuration has relaxed checking for domains that the local system is configured to allow relaying to, so adding the offending domain to dc_relay_domains will most probably help.
Please note that no domain on the public Internet should have MX records pointing to site local or link local IP addresses, so you might check your externally visible MX records.
If this doesn't help, try analyzing the output of exim -d -bt some.local.part@the.offending.domain.example
[http://www.exim.org/eximwiki/FAQ/Routing_to_remote_hosts/Q0302 Upstream Exim FAQ Q0302] might help as well.
1.1.8. I get the error "Mailing to remote domains not supported". I don't have a FQDN on this machine and just want it to send notifications by email (to outside domains) via various scripts. Can exim do this? How?
Not yet answered.
1.1.9. What do "lowest numbered MX record points to local host" or "remote host address is the local host" mean?
This is covered in [http://www.exim.org/eximwiki/FAQ/Routing_to_remote_hosts/Q0301 Upstream Exim FAQ Q0301.] The Debian default configuration has the hubbed_hosts router mentioned there already defined. Its configuration file is /etc/exim4/hubbed_hosts, and some documentation can be found in /etc/exim4/conf.d/router/150_exim4-config_hubbed_hosts.
1.1.10. What do the "DEBCONFfooDEBCONF" macros in the Debian configuration do?
When the Exim daemon is started, the dpkg-conffiles in /etc/exim4 are post-processed to the result /var/lib/exim4/config.autogenerated, which is the configuration file that Exim reads. In this post-processing step, done by update-exim4.conf, the DEBCONFfooDEBCONF strings are replaced with values pulled from /etc/exim4/update-exim4.conf.conf and system configuration.
Please note that the string DEBCONF is kind of a misnomer since the strings are _not_ directly pulled from the Debconf database, but from user-editable conffiles instead. This is a common misunderstanding.
For more information, read the update-exim4.conf man page.
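A simplified model of that post-processing step, added here as an illustration; it is not update-exim4.conf or any other Debian code. The rule that a dc_<name> setting fills DEBCONF<name>DEBCONF, the function names, and the sample settings and template lines are assumptions constructed for the example.

```sh
#!/bin/sh
# Added illustration: a simplified model of the substitution step, not the
# real update-exim4.conf. Assumption: dc_<name> fills DEBCONF<name>DEBCONF.

# expand_macros CONF_TEXT   (template on stdin, expanded text on stdout)
expand_macros() {
    CONF_TEXT="$1" awk -v q="'" '
        BEGIN {
            n = split(ENVIRON["CONF_TEXT"], lines, "\n")
            for (j = 1; j <= n; j++) {
                if (lines[j] !~ /^dc_[a-z_]+=/) continue   # skip other lines
                eq  = index(lines[j], "=")
                val = substr(lines[j], eq + 1)
                gsub(q, "", val)                           # drop shell quoting
                value[substr(lines[j], 4, eq - 4)] = val   # key without "dc_"
            }
        }
        {
            out = ""; rest = $0
            while (match(rest, /DEBCONF[a-z_]+DEBCONF/)) {
                name = substr(rest, RSTART + 7, RLENGTH - 14)
                out  = out substr(rest, 1, RSTART - 1)
                # No value known: leave the placeholder in place. The real
                # tool also draws some values from system configuration.
                out  = out ((name in value) ? value[name] : substr(rest, RSTART, RLENGTH))
                rest = substr(rest, RSTART + RLENGTH)
            }
            print out rest
        }'
}

# unresolved_macros   (config text on stdin): placeholders still present
unresolved_macros() {
    grep -o 'DEBCONF[a-z_]*DEBCONF' | sort -u
}

# Constructed sample input, in the style of update-exim4.conf.conf
CONF="dc_eximconfig_configtype='internet'
dc_relay_domains='internal.example'
dc_relay_nets='192.0.2.0/24'"
# Constructed template lines; DEBCONFexample_unsetDEBCONF is hypothetical
TEMPLATE='domainlist relay_to_domains = DEBCONFrelay_domainsDEBCONF
hostlist relay_from_hosts = DEBCONFrelay_netsDEBCONF
# DEBCONFexample_unsetDEBCONF has no dc_ setting in this sample'

printf '%s\n' "$TEMPLATE" | expand_macros "$CONF"
printf '%s\n' "$TEMPLATE" | expand_macros "$CONF" | unresolved_macros
```

The model reads the settings as text rather than from the Debconf database, which is the point the paragraph above makes about the DEBCONF name.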
1.1.11. I am experiencing timeout issues with TLS connections
Answer not yet fleshed out.
- GnuTLS Entropy issue
- Kernel not generating enough entropy
- network removed
- /proc/sys/kernel/random/entropy_avail
- hardware RNG
- audio in RNG
- Rebuild exim 4.60-3+ with OpenSSL
- install gnutls-bin
- install openssl on exim 4.63-4+
1.1.12. Why does my exim HELO as localhost.localdomain
Answer not yet fleshed out.
The name used in EHLO/HELO is pulled from configuration option primary_hostname
Debian's exim4 default configuration does not set primary_hostname
exim then defaults to uname() to find the host name. If that call only returns one component, gethostbyname() or getipnodebyname() is used to obtain the fully qualified host name.
Most frequent cause for localhost.localdomain is the default /etc/hostname created by Debian installation.
- The recommended way is to fix the system instead of forcing exim to the intended host name.
I tried all of the above (on Etch testing) and none of it helped, in particular, hostname -f was still returning localhost.localdomain. What I did find is that it was being fooled by the settings in /etc/hosts which contained the lines:
127.0.0.1 localhost.localdomain localhost myrealhostname
<myip> myrealhostname myrealhostname.example.com
I changed it to (which is how Sarge is configured by default):
127.0.0.1 localhost
<myip> myrealhostname.example.com myrealhostname
and now both hostname -f and my HELO string deliver the proper FQDN.
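The /etc/hosts effect described above can be checked before touching the mail system. This is an added example, not part of the original FAQ or of Debian's packages: it models only the /etc/hosts lookup (the first line listing the name wins, and the first name on that line is the canonical one). The function names and the address 192.0.2.10 standing in for <myip> are constructed for illustration.

```sh
#!/bin/sh
# Added example: models only the /etc/hosts ("files") lookup, not DNS or
# anything else configured in nsswitch.conf.

# canonical_name NAME   (hosts data on stdin)
# Prints the first name on the first line that lists NAME as name or alias.
canonical_name() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                       # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $2; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# helo_check NAME   (hosts data on stdin)
# Returns 0 if NAME maps to a usable FQDN, 1 if the canonical name is a
# loopback name or unqualified, 2 if NAME has no entry at all.
helo_check() {
    fqdn=$(canonical_name "$1") || { echo "$1: no entry"; return 2; }
    case "$fqdn" in
        localhost|localhost.*) echo "$1 -> $fqdn (loopback name)"; return 1 ;;
        *.*) echo "$1 -> $fqdn"; return 0 ;;
        *)   echo "$1 -> $fqdn (not fully qualified)"; return 1 ;;
    esac
}

# Constructed sample data: the two /etc/hosts layouts quoted above
BEFORE='127.0.0.1 localhost.localdomain localhost myrealhostname
192.0.2.10 myrealhostname myrealhostname.example.com'
AFTER='127.0.0.1 localhost
192.0.2.10 myrealhostname.example.com myrealhostname'

printf '%s\n' "$BEFORE" | helo_check myrealhostname
printf '%s\n' "$AFTER"  | helo_check myrealhostname
```

On a live system the same check is `helo_check "$(hostname)" < /etc/hosts`.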
1.1.13. How do I configure a catch-all?
Answer not yet fleshed out.
- *: target in /etc/aliases
- break the loop by aliasing the target account to itself
- other aliases take precedence, alias exceptions to themselves
- catch-all is a real bad idea these days
1.1.14. Exim stops delivery after ten messages are received
Answer not yet fleshed out.
- In the default configuration, exim delivers the first ten messages received over a single SMTP connection immediately, and places the following messages on the queue.
- These messages will be delivered by the next queue runner process
- Queue runners are started every 30 minutes by default.
- This situation is most frequently experienced by sites running fetchmail
- One possible fix: increase smtp_accept_queue_per_connection. This option is not in the default configuration, hence the default of 10 is used by exim.
- In the fetchmail case, a better fix is to have fetchmail execute exim -q after finishing the retrieving process.
- This decreases the load spike which would otherwise be experienced.
You can specify a command to execute in fetchmailrc using the postcommand user option, e.g. postcommand "/usr/sbin/exim4 -q", in the appropriate "poll" line in your fetchmailrc. This, of course, assumes that the user running fetchmail has the appropriate privileges to cause an exim queue run.
1.1.15. How can I debug SMTP AUTH and/or other SMTP aspects
- Exim's logs are usually quite helpful
- Find out which side of the communication is causing you trouble
- Check whether the other side behaves properly
- Use telnet, openssl and/or gnutls-cli for low-level debugging
If you are not too familiar with SMTP's innards, consider using [http://packages.debian.org/swaks swaks] for debugging.
1.1.16. I have configured exim with help of a non-Debian HOWTO. It doesn't work.
Unfortunately, a lot of third-party documentation has been written by people who do not fully understand how things work. They might have been successful in solving the issue at their hands, but challenges are so different that it is extremely improbable that the solution will hold in other situations.
It is thus advisable to take third-party HOWTOs with extreme caution and use them only as input for a local solution. Taking a third-party configuration snippet verbatim is like asking for extreme trouble.
In this FAQ entry, we'll link to third-party HOWTO documents and comment about what we think about their contents.
[http://www.lexspoon.org/linux/smtp-relay.html SMTP Relaying Via a Smarthost.] This document shows basic understanding of the concepts in an abstract way, but gives questionable advice in detail.
- The document gives a truckload of Debian-specific advice and does not say that it is Debian-specific. This suggests that the author does not have too much E-Mail admin experience, and nearly none outside a Debian environment.
- Why does the document recommend changing our local configuration to use a hardcoded user name instead of the file lookup that we provide?
- Why does the document recommend having Exim listen on Port 26 instead of using the standardized submission port 587?
- The author has never heard of swaks and advocates manual debugging
- The author rants about Debian's exim4 configuration scheme and calls it "confusing". In the same paragraph, he says that he didn't find out how to use a single, hand-crafted exim4.conf file. Considering that it is prominently documented in the README that /etc/exim4/exim4.conf takes absolute preference over all other configurations, it looks to me that the author of this HOWTO did not bother to read our documentation.
[http://koivi.com/exim4-config/ Installing and configuring Exim 4 on Debian.] This document gives advice how to configure spamassassin, clamav and some implementation of "virtual domains". Please note that "virtual" is a very overused term and you might think of "virtual domains" as something different than the document's author might think. Additionally, the documentation uses exim's built-in content scanning interface to link to clamav, but uses sa-exim for spamassassin integration. This is double work since exim's built-in content scanning can link to spamassassin as well.
[http://www.lug-untermain.de/howto/exim.php Gemischtes Doppel.] This German-language document isn't so bad, but it switches off all Debian automatisms and leaves the user out in the dark without updates.
[http://www.dbmail.org/dokuwiki/doku.php?id=debian:exim4 debian:exim4 [dbmail]] is a HOWTO about how to use exim4 with dbmail. I have to advise against using this howto for the following reasons:
- The author himself claims to be not an expert on spamassassin, pam, clamav or exim4. Yet, he publishes his (wrong and misleading) findings.
- He managed to get neither saslauthd nor MySQL to work. Both things are trivial to do if one has familiarized oneself with exim, as is necessary to run a mail server on the Internet.
- It advises to use sa-exim "For Spamassassin auto-blocking". I don't know what auto-blocking is, but exim can use spamassassin at SMTP time natively and can also block depending on the spamassassin results. I have not yet seen a setup where sa-exim was actually needed.
- At least the HOWTO uses our configuration and allows people to receive updates in the future.
1.1.17. How can I create a blacklist to deny specific hosts / ip addresses?
- demonstrate how debian configures blacklists and how they differ from the default non-debian configuration
I know little, just made it work with the monolithic file that supports debconf.
~$ less /etc/exim4/exim4.conf.template shows the file that debian exim4 constructs a config file from. Search '/' for "acl_check_rcpt" (second occurrence) to find the sequence of rules, which are pretty comprehensive. exim4.conf.template recommends viewing /usr/share/doc/exim4-config/default_acl
To make a local blacklist create a file called /etc/exim4/local_host_blacklist. List your least favourite hostnames, IP addresses, or networks in CIDR format.
To use an IP blacklist service, edit /etc/exim4/update-exim4.conf.conf to include an entry like CHECK_RCPT_IP_DNSBLS=ipblacklist.foo.bar/$sender_address_domain
Same again for a DNS blacklist, over two lines this time:
CHECK_RCPT_DOMAIN_DNSBLS=dnsblacklist1.foo.bar/$sender_address_domain : \
dnsblacklist2.foo.bar/$sender_address_domain
CHECK_RCPT_LOCAL_ACL_FILE is provided as a hook for a custom access list. If you want to go that far you're a braver hacker than I. Let us know how you get on.
I don't know about non-debian exim4. From what I've seen, there seems to be encouragement out there to add a few lines to your exim4.conf file now and again. I've heard legends about how your exim conf file can get spectacularly out of control, but don't want to find out for myself.
1.1.18. How can I integrate content scanning at SMTP time with Exiscan?
- demonstrate how debian writes exim4's configuration (/etc/exim4/exim.conf.template) file to allow for exiscan integration.